Fixes/import permissions mask (#6826)

* Check for empty headers in import

* Added import permission

* Fixed model path in docblock

* Added import gate to default blade

* Check if the user is an admin OR idf they have import permissions

* Walked back that admin permission

Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
This commit is contained in:
snipe 2019-03-18 11:58:08 -07:00 committed by GitHub
parent 5893e25b43
commit 7b33f95e83
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 45 additions and 14 deletions

View file

@ -25,7 +25,7 @@ class ImportController extends Controller
*/
public function index()
{
//
$this->authorize('import');
$imports = Import::latest()->get();
return (new ImportsTransformer)->transformImports($imports);
@ -39,10 +39,8 @@ class ImportController extends Controller
*/
public function store()
{
//
if (!Company::isCurrentUserAuthorized()) {
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
} elseif (!config('app.lock_passwords')) {
$this->authorize('import');
if (!config('app.lock_passwords')) {
$files = Input::file('files');
$path = config('app.private_uploads').'/imports';
$results = [];
@ -119,7 +117,7 @@ class ImportController extends Controller
*/
public function process(ItemImportRequest $request, $import_id)
{
$this->authorize('create', Asset::class);
$this->authorize('import');
// Run a backup immediately before processing
Artisan::call('backup:run');
$errors = $request->import(Import::find($import_id));
@ -162,7 +160,7 @@ class ImportController extends Controller
*/
public function destroy($import_id)
{
$this->authorize('create', Asset::class);
$this->authorize('import');
$import = Import::find($import_id);
try {
unlink(config('app.private_uploads').'/imports/'.$import->file_path);

View file

@ -12,7 +12,7 @@ class ImportsController extends Controller
{
public function index()
{
$this->authorize('create', Asset::class);
$this->authorize('import');
$imports = Import::latest()->get();
$imports = (new ImportsTransformer)->transformImports($imports);
return view('importer/import')->with('imports', $imports);

View file

@ -43,6 +43,20 @@ class ItemImportRequest extends FormRequest
$import->save();
$fieldMappings=[];
if ($import->field_map) {
// This checks to make sure the field header has been mapped.
// If it hasn't been, it will throw an array_flip error
foreach ($import->field_map as $field => $fieldValue) {
$errorMessage = null;
if(is_null($fieldValue)){
$errorMessage = 'All import fields must be mapped.';
$this->errorCallback($import, $field, $errorMessage);
return $this->errors;
}
}
// We submit as csv field: column, but the importer is happier if we flip it here.
$fieldMappings = array_change_key_case(array_flip($import->field_map), CASE_LOWER);
// dd($fieldMappings);

View file

@ -53,7 +53,7 @@ abstract class SnipePermissionsPolicy
/**
* Determine whether the user can view the accessory.
*
* @param \App\User $user
* @param \App\Models\User $user
* @return mixed
*/
public function view(User $user, $item = null)
@ -64,7 +64,7 @@ abstract class SnipePermissionsPolicy
/**
* Determine whether the user can create accessories.
*
* @param \App\User $user
* @param \App\Models\User $user
* @return mixed
*/
public function create(User $user)
@ -75,7 +75,7 @@ abstract class SnipePermissionsPolicy
/**
* Determine whether the user can update the accessory.
*
* @param \App\User $user
* @param \App\Models\User $user
* @return mixed
*/
public function update(User $user, $item = null)
@ -86,7 +86,7 @@ abstract class SnipePermissionsPolicy
/**
* Determine whether the user can delete the accessory.
*
* @param \App\User $user
* @param \App\Models\User $user
* @return mixed
*/
public function delete(User $user, $item = null)
@ -97,11 +97,13 @@ abstract class SnipePermissionsPolicy
/**
* Determine whether the user can manage the accessory.
*
* @param \App\User $user
* @param \App\Models\User $user
* @return mixed
*/
public function manage(User $user, $item = null)
{
return $user->hasAccess($this->columnName().'.edit');
}
}

View file

@ -113,6 +113,14 @@ class AuthServiceProvider extends ServiceProvider
});
// Can the user import CSVs?
Gate::define('import', function ($user) {
if ($user->hasAccess('import') ) {
return true;
}
});
# -----------------------------------------
# Reports
# -----------------------------------------

View file

@ -27,6 +27,15 @@ return array(
)
),
'CSV Import' => array(
array(
'permission' => 'import',
'label' => '',
'note' => 'This will allow users to import even if access to users, assets, etc is denied elsewhere.',
'display' => true,
)
),
'Reports' => array(
array(
'permission' => 'reports.view',

View file

@ -520,7 +520,7 @@
</a>
</li>
@endcan
@can('create', \App\Models\Asset::class)
@can('import')
<li{!! (Request::is('import/*') ? ' class="active"' : '') !!}>
<a href="{{ route('imports.index') }}">
<i class="fa fa-cloud-download"></i>